Njordium Cyber Group releases VMS for vendor risk control

Njordium Cyber has launched a new Vendor Management System (VMS) designed to help European organisations streamline third-party risk oversight and meet growing regulatory expectations.

The launch comes as financial institutions and enterprises across Europe face mounting pressure to manage vendor risk more effectively. According to the Whistic Third-Party Risk Management 2025 Impact Report, 70% of European organisations experienced a data breach within the past three years, with 77% of those incidents originating from vendors or third parties.

At the same time, internal teams tasked with managing third-party risk spend more than 37 hours a week on repetitive administrative tasks while struggling to keep pace with expanding regulatory requirements.

Njordium Cyber Group focuses on helping organisations strengthen their cyber resilience, compliance posture and risk governance. The company provides cyber intelligence and risk management solutions that enable financial institutions and regulated industries to navigate increasingly complex regulatory frameworks while improving operational efficiency.

The new Vendor Management System aims to simplify third-party assessments in environments where organisations must simultaneously comply with multiple regulations. Banks, insurers and payment firms operating under frameworks such as NIS2, the Digital Operational Resilience Act (DORA), the Cyber Resilience Act and GDPR frequently conduct duplicate vendor assessments across different teams. Njordium said this creates fragmented evidence trails that regulators increasingly view as a sign of weak compliance controls.

The VMS platform addresses this issue by allowing organisations to perform a single vendor assessment that simultaneously meets the requirements of several regulatory and industry frameworks. According to the company, one assessment can satisfy NIS2, DORA, the Cyber Resilience Act, GDPR Article 28 and ISO 27001, while also producing aligned outputs for supply chain security under ISO 28001 and enterprise risk management under ISO 31000.

Additional capabilities include built-in modules for ultimate beneficial ownership screening, politically exposed persons monitoring and suspicious activity reporting. These functions are designed to integrate directly into regulatory workflows, helping firms identify and address potential compliance gaps before they become enforcement risks. Njordium added that all data processed by the platform remains within the client’s own infrastructure through either on-premise deployment or private cloud environments.

The system also introduces a multi-framework assessment engine, allowing organisations to apply a single set of controls across multiple compliance obligations. Risk-proportionate tiers scale assessments depending on vendor criticality, with options covering 30, 80 or 114 controls and the ability to map nth-party supply chain relationships.

Njordium Cyber Group CEO Mads Becker Jørgensen said, “Whistic, KPMG and Gartner — three independent research bodies — arrived at the same structural diagnosis in the same twelve-month window in 2025: the architecture, not the effort, is broken. We didn’t add another layer of complexity — we removed it. One assessment, seven regulatory outputs, one immutable audit trail. That is the new standard.”

Njordium senior advisor Kim Haverblad added, “With AMLA now live, every obliged entity must ask whether its AML team and its vendor intelligence team are looking at the same reality. In most organisations they are not. Njordium closes that gap before the regulator does it for them.”

Copyright © 2026 FinTech Global
